Your Personal Information: Protecting it from Exploitation

Data breaches involving personal information result in a broad range of risks to individuals and organizations.  This includes identity theft, targeting of individuals with knowledge of sensitive government information and internal business processes, and other intelligence activities that use personal information of U.S. citizens to undermine national security.

It is in our collective interest that we take actions to limit the risk of our personal information being exploited, and that we are able to recognize any indicators that we may be the target of such activities.


Confirmation that your personal information has been accessed in a data breach is not a guarantee that your information will be misused or that you will be targeted for further exploitation.  However, it is important to remain mindful of the risk of such misuse or exploitation. 

The following information is provided to raise your awareness of this possibility and to help you understand how your personal information may be used by foreign intelligence services and other “bad actors” (extremists, criminals, hackers, and the like).

The information below is provided to raise awareness and provide guidance for mitigating risks; it is not intended to indicate that the government has observed particular adverse effects from data compromises.

 
 
 
 
 
 
 
How You Might Become a Victim
 

Social Engineering

Social Engineering is the term used to describe bad actors using information they have discovered about you, either legally or illegally, to gain your trust and extract further information or manipulate you into taking actions you would not otherwise take.

Stolen personal information is highly valuable to cyber operators for social engineering, as it can be used to create a compelling illusion that you already know an individual or have a shared interest with them.  It opens a means to contact you in either cyberspace or the physical world to foster that trust or do harm.

Examples of how bad actors may use your personal information for social engineering and other purposes include:

Phishing (or spear phishing) is a common method used to contact people through email. With phishing, bad actors use social engineering to target their victims and lure them into taking actions that could ultimately compromise their computer or network.  Examples include getting a victim to open a malicious attachment or click on a bogus embedded link. Like other social engineering attacks, spear phishing takes advantage of a victim’s most basic human traits, such as a desire to be helpful, to provide a positive response to those in authority, or to respond positively to someone who shares similar tastes or views, or simple curiosity about contemporary news and events. Those who “take the bait” become unwitting participants in a computer network attack by allowing the attackers to bypass many of our technical defenses.

Phishing scams also trick you into providing your confidential information, which is then used to access your accounts.  Typically this kind of fraud involves an email, text message, or pop-up window claiming to come from an official source.

Social Media Deception (including Facebook, Twitter, Google and LinkedIn) provides bad actors with an avenue to connect to their victims. Attackers may create a fake profile to befriend their victims while posing as a former acquaintance, job recruiter, or someone with a shared interest. Using a fake online persona, an attacker may try to get their victims to reveal more information about themselves or their employers, or they may simply collect more information about their victims from the victims' social media postings.

Human Targeting is often used by foreign governments to target individuals with access to information of interest to them.  For instance, you may unexpectedly meet someone at a venue of interest, such as a conference or child’s school event, who shares your interests or views and establishes an ongoing relationship.  Your new friend may test you by getting you to do seemingly small “favors” for them or getting you to talk about trivial work-related information.  Over time, trivial information may lead them to information that is of interest.

Travel Vulnerabilities are greater than usual, especially if you are traveling outside of the U.S., as it is common for you to encounter unfamiliar people. Also, your guard may be down because you are traveling for vacation, training, or other relaxing purposes. Therefore, be especially cautious of:

  • Those who approach you in a friendly manner and seem to have a lot in common with you--especially if they wish to maintain contact with you once you return home.
  • Interactions in social settings where you find you are unusually successful in meeting and impressing others.
  • A seemingly random and/or other foreign acquaintance who has heightened interest in your work or introduces you to a third party who then wants to continue to meet with you.

Unsolicited Telephone and Text Messages may come from toll-free numbers, which can be set up quickly and sometimes exist solely for the purpose of capturing your confidential information, often simply by playing a prerecorded message about your accounts being in trouble.  The message prompts you to enter your 16-digit account number.  This is followed by a request for your PIN and other personal information.  Or you may receive a text message or a phone call with a prerecorded message that describes an urgent situation that requires immediate action.  The message may say, “Your account has been blocked.  Please call 800-123-4567 to unlock it.”  Before you realize you’re being scammed, you’ve given enough information to duplicate your card and access your accounts.

Identity Impersonation is acquiring key pieces of your confidential information, such as your name, address, birthdate, Social Security number, and mother's maiden name, in order to commit fraud.  Identity Impersonation can be used as a tactic for corporate exploitation via the newly acquired identity.  With this information, an identity thief can take over your financial accounts; open new bank accounts; purchase automobiles; apply for loans, credit cards, and Social Security benefits; rent apartments; and establish services with utility and phone companies, all in your name.


 
 
 

 

National Counterintelligence and Security Center